OCB uses the maximum possible nonce size, not the recommended one

OCB is specified in the draft as:

The OCB AEAD Algorithm used in this document is defined in RFC7253.

The OCB algorithm can only use block ciphers with 16-octet blocks. The initialization vector is 15 octets long. OCB authentication tags are 16 octets long.

Looking at RFC7253 we find:

[Inputs to OCB encrypt] N, string of no more than 120 bits // Nonce

120 bits = 15 octets make an appearance. However, looking at the algorithm author's documentation, we find:

Encryption and decryption depend on a nonce N, which must be selected as a new value for each encryption. The nonce need not be random or secret. A counter will work fine. Nonces may have any number of bits less than 128. The recommendation is to use a 96-bit nonce.

So the maximum nonce size seems to be in fact 127 bits, where 120 bits is the largest whole octet nonce size. However, the author explicitly recommends 96 bits. I think deviating from that requires some reasoning, or we should follow the recommendation.